X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Ftemplates%2Fstatic-mirroring%2Fvhost%2Fstatic-vhosts-simple.erb;h=2107a36bd15141725c7ea793ae32b39fcefb8992;hb=f6a4eb4d0eb7078ffb261191abab23801e12db17;hp=738ad3a115f427eebc1e559b1d47645e6d6376ae;hpb=5d598f2a486bfb7619f294eeb606aa114f183349;p=mirror%2Fdsa-puppet.git
diff --git a/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb b/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb
index 738ad3a11..2107a36bd 100644
--- a/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb
+++ b/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb
@@ -4,15 +4,54 @@
# deb.debian.org
<% if scope.function_has_static_component(['deb.debian.org']) -%>
- Redirect /debian/ http://cdn-fastly.deb.debian.org/debian/
- Redirect /debian-debug/ http://cdn-fastly.deb.debian.org/debian-debug/
- Redirect /debian-ports/ http://cdn-fastly.deb.debian.org/debian-ports/
- Redirect /debian-security/ http://cdn-fastly.deb.debian.org/debian-security/
+ ServerAlias httpredir.debian.org
+ ServerAlias cdn.debian.net
+ ServerAlias http.debian.net
+
+ Redirect /debian http://cdn-fastly.deb.debian.org/debian
+ Redirect /debian-debug http://cdn-fastly.deb.debian.org/debian-debug
+ Redirect /debian-ports http://cdn-fastly.deb.debian.org/debian-ports
+ Redirect /debian-security http://cdn-fastly.deb.debian.org/debian-security
+
+ >
+ ServerName deb.debian.org
+
+ ErrorLog /var/log/apache2/deb.debian.org-error.log
+ CustomLog /var/log/apache2/deb.debian.org-access.log privacyssl
+
+ Use common-debian-service-ssl deb.debian.org
+ Use common-ssl-HSTS
+
+ ServerAdmin debian-admin@lists.debian.org
+
+ UserDir disabled
+
+ ServerSignature On
+
+ DocumentRoot /srv/static.debian.org/mirrors/deb.debian.org/cur
+
+ AllowOverride FileInfo Indexes Options=Multiviews
+ Options Indexes SymLinksIfOwnerMatch
+ Require all granted
+
+
+ Header set Surrogate-Key <%= @hostname %>
+
+ AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
+
+ Redirect /debian https://cdn-aws.deb.debian.org/debian
+ Redirect /debian-debug https://cdn-aws.deb.debian.org/debian-debug
+ Redirect /debian-ports https://cdn-aws.deb.debian.org/debian-ports
+ Redirect /debian-security https://cdn-aws.deb.debian.org/debian-security
+
<% end -%>
ServerAlias network-test-backend.debian.org
+
+ Header set Cache-Control "must-revalidate, max-age=0"
+
@@ -22,12 +61,13 @@
+ AddDefaultCharset utf-8
+
# Rewrite away double slashes
RewriteEngine on
- RewriteCond %{THE_REQUEST} //
- RewriteRule ^.*$ $0 [R=302,L,NE]
+ RewriteCond %{REQUEST_URI} ^(.*)//(.*)$ [NC]
+ RewriteRule . %1/%2 [R=301,L,NE]
- AddDefaultCharset utf-8
ForceType text/plain
@@ -41,11 +81,11 @@
RewriteRule ^/migration/testing.pl /migration/cache/%2/%1.html [PT,L]
RewriteRule ^/migration/testing.pl /migration/cache/_index.html
+ Alias /oldstable-proposed-updates/ /srv/static.debian.org/mirrors/release.debian.org-pu/cur/
Alias /proposed-updates/ /srv/static.debian.org/mirrors/release.debian.org-pu/cur/
Require all granted
Options Indexes SymLinksIfOwnerMatch MultiViews
- IndexOptions FancyIndexing NameWidth=*
AddEncoding gzip .gz
FilterDeclare gzip CONTENT_SET
@@ -55,6 +95,11 @@
ForceType text/plain
AddDefaultCharset utf-8
+
+ ForceType text/html
+ AddDefaultCharset utf-8
+
+ AddType text/plain .wml
@@ -62,7 +107,6 @@
AllowOverride FileInfo Indexes Options=Multiviews
Options Multiviews Indexes FollowSymLinks Includes
- IndexOptions FancyIndexing NameWidth=*
Require all granted
@@ -83,10 +127,7 @@
AddEncoding x-gzip .gz
AddType text/plain .log
-
- AddOutputFilterByType DEFLATE image/svg+xml
- AddOutputFilterByType DEFLATE text/plain
-
+ AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css image/svg+xml
@@ -108,6 +149,76 @@
RewriteRule ^/source/([a-z0-9-]+)/?$ /${source-map:$1} [L,R,NE]
# Versioned request
RewriteRule ^/source/([a-z0-9-]+)/([a-zA-Z0-9.+:~-]+)$ /${source-map:$1/$2} [L,R,NE]
+
+ Header always set Content-Security-Policy "default-src 'self'; media-src 'none'; object-src 'none';"
+
+ Header always set Content-Security-Policy "default-src 'none'; frame-ancestors 'none'; style-src 'self' 'unsafe-inline';"
+
+
+
+
+
+ ForceType text/html
+
+
+ ForceType text/html
+
+
+ RewriteEngine on
+ RewriteRule ^/$ /wiki/Main_Page [L,R=permanent]
+ RewriteRule ^/wiki/$ /wiki/Main_Page [L,R=permanent]
+
+ RewriteCond %{QUERY_STRING} (^|&)modules=mediawiki.legacy.commonPrint,shared|skins.monobook(&|$)
+ RewriteCond %{QUERY_STRING} (^|&)only=styles(&|$)
+ RewriteRule ^/load.php$ /load-monobook-styles.css [L,QSD]
+
+ RewriteCond %{QUERY_STRING} (^|&)modules=site(&|$)
+ RewriteCond %{QUERY_STRING} (^|&)only=styles(&|$)
+ RewriteRule ^/load.php$ /load-site-styles.css [L,QSD]
+
+ RewriteCond %{QUERY_STRING} (^|&)modules=startup(&|$)
+ RewriteCond %{QUERY_STRING} (^|&)only=scripts(&|$)
+ RewriteRule ^/load.php$ /load-startup-scripts.js [L,QSD]
+
+ RewriteCond %{QUERY_STRING} (^|&)modules=site(&|$)
+ RewriteCond %{QUERY_STRING} (^|&)only=scripts(&|$)
+ RewriteRule ^/load.php$ /load-site-scripts.js [L,QSD]
+
+ RewriteCond %{QUERY_STRING} (^|&)modules=jquery%2Cmediawiki(&|$)
+ RewriteCond %{QUERY_STRING} (^|&)only=scripts(&|$)
+ RewriteRule ^/load.php$ /load-jquery-scripts.js [L,QSD]
+
+ RewriteCond %{QUERY_STRING} (^|&)modules=jquery.client%2Ccookie%2CmessageBox%2CmwExtension|mediawiki.legacy.ajax%2Cwikibits|mediawiki.page.startup|mediawiki.util(&|$)
+ RewriteRule ^/load.php$ /load-jquery.client.js [L,QSD]
+
+ RewriteCond %{QUERY_STRING} (^|&)modules=jquery.checkboxShiftClick%2CmakeCollapsible%2Cmw-jump%2Cplaceholder%7Cmediawiki.page.ready%7Cmediawiki.user(&|$)
+ RewriteRule ^/load.php$ /load-jquery.checkbox.js [L,QSD]
+
+
+
+ ServerAlias www-test.debconf.org
+
+
+ Options +IncludesNOEXEC
+ SSILegacyExprParser on
+ DirectoryIndex index.shtml
+
+
+ AddOutputFilter INCLUDES .shtml
+
+ RewriteEngine On
+ # A few redirects for older debconf sites, so old links work
+ RewriteRule ^/gallery/(.*)$ https://gallery.debconf.org/v/$1 [R=permanent,L]
+ RewriteRule ^/.*years$ https://10years.debconf.org/ [R=permanent,L]
+ RewriteRule ^/debconf2$ https://debconf2.debconf.org/ [R=permanent,L]
+ RewriteRule ^/debconf3$ https://debconf3.debconf.org/ [R=permanent,L]
+ RewriteRule ^/debconf4$ https://debconf4.debconf.org/ [R=permanent,L]
+ RewriteRule ^/debconf5$ https://debconf5.debconf.org/ [R=permanent,L]
+ RewriteRule ^/10years/(.*)$ https://10years.debconf.org/$1 [R=permanent,L]
+ RewriteRule ^/debconf2/(.*)$ https://debconf2.debconf.org/$1 [R=permanent,L]
+ RewriteRule ^/debconf3/(.*)$ https://debconf3.debconf.org/$1 [R=permanent,L]
+ RewriteRule ^/debconf4/(.*)$ https://debconf4.debconf.org/$1 [R=permanent,L]
+ RewriteRule ^/debconf5/(.*)$ https://debconf5.debconf.org/$1 [R=permanent,L]
<%=
@@ -157,9 +268,13 @@ vhost(lines, "wnpp-by-tags.debian.net" , :ssl => true)
vhost(lines, "security-team.debian.org" , :ssl => true)
vhost(lines, "d-i.debian.org" , :ssl => true)
vhost(lines, "appstream.debian.org" , :ssl => true)
+vhost(lines, "dpl.debian.org" , :ssl => true)
vhost(lines, "dsa.debian.org" , :ssl => true)
vhost(lines, "rtc.debian.org" , :ssl => true)
+vhost(lines, "mirror-master.debian.org" , :ssl => true)
vhost(lines, "onion.debian.org" , :ssl => true)
+vhost(lines, "manpages.debian.org" , :ssl => true, :extra => true)
+vhost(lines, "cdbuilder-logs.debian.org" , :ssl => true)
vhost(lines, "bits.debian.org" , :ssl => true, :extra => true)
vhost(lines, "micronews.debian.org" , :ssl => true)
@@ -175,9 +290,14 @@ vhost(lines, "debconf5.debconf.org" , :ssl => true)
vhost(lines, "debconf6.debconf.org" , :ssl => true)
vhost(lines, "debconf7.debconf.org" , :ssl => true)
vhost(lines, "debconf16.debconf.org" , :ssl => true)
+vhost(lines, "debconf17.debconf.org" , :ssl => true)
+vhost(lines, "debconf18.debconf.org" , :ssl => true)
+vhost(lines, "debconf19.debconf.org" , :ssl => true)
vhost(lines, "es.debconf.org" , :ssl => true)
vhost(lines, "fr.debconf.org" , :ssl => true)
vhost(lines, "miniconf10.debconf.org" , :ssl => true)
+vhost(lines, "wiki.debconf.org" , :ssl => true, :extra => true)
+vhost(lines, "www.debconf.org" , :ssl => true, :extra => true)
vhost(lines, "deb.debian.org" , :extra => true)
vhost(lines, "release.debian.org" , :ssl => true, :extra => true)
@@ -192,80 +312,221 @@ lines.join("\n")
# www.backports.org is the historical place for the backports
# website and archive. It is now a CNAME to backports.debian.org:
# redirect http requests.
- >
+ >
ServerName www.backports.org
ServerAlias lists.backports.org
ServerAdmin debian-admin@debian.org
- RedirectPermanent / http://backports.debian.org/
+ RedirectPermanent / https://backports.debian.org/
######################
- >
+ >
ServerName www.debian-ports.org
ServerAlias debian-ports.org
ServerAdmin debian-admin@debian.org
RedirectPermanent / https://www.ports.debian.org/
- >
+ >
ServerName ports.debian.org
ServerAlias ports.debian.net
ServerAdmin debian-admin@debian.org
RedirectPermanent / https://www.ports.debian.org/
- >
+ >
ServerName incoming.debian-ports.org
ServerAdmin debian-admin@debian.org
RedirectPermanent / http://incoming.ports.debian.org/
- >
+ >
ServerName ftp.debian-ports.org
ServerAdmin debian-admin@debian.org
- RedirectPermanent /archive http://www.ports.debian.org
+ RedirectPermanent /archive https://www.ports.debian.org
RedirectPermanent /debian http://ftp.ports.debian.org/debian-ports
- RedirectPermanent /debian-cd http://ftp.ports.debian.org/debian-ports-cd
+ RedirectPermanent /debian-cd https://cdimage.debian.org/cdimage/ports/
RedirectPermanent / http://ftp.ports.debian.org/
- >
+
ServerName video.debian.net
ServerAdmin debian-admin@debian.org
- Redirect / http://meetings-archive.debian.net/pub/debian-meetings/
+ Redirect / https://meetings-archive.debian.net/pub/debian-meetings/
+
+
+ >
+ Use vstatic-vhost-video.debian.net
+
+
+ >
+ Use vstatic-vhost-video.debian.net
+ Use common-debian-service-ssl video.debian.net
+ Use common-ssl-HSTS
+
+
+Use common-dsa-vhost-https-redirect lists.alioth.debian.org
+ >
+ ServerName lists.alioth.debian.org
+ ServerAdmin debian-admin@debian.org
+ Use common-debian-service-ssl lists.alioth.debian.org
+ Use common-ssl-HSTS
+ Redirect / https://alioth-lists.debian.net/
+
+
+Use common-dsa-vhost-https-redirect pkg-ruby-extras.alioth.debian.org
+ >
+ ServerName pkg-ruby-extras.alioth.debian.org
+ ServerAdmin debian-admin@debian.org
+ Use common-debian-service-ssl pkg-ruby-extras.alioth.debian.org
+ Use common-ssl-HSTS
+ Redirect / https://gemwatch.debian.net/
+
+
+Use common-dsa-vhost-https-redirect video.debconf.org
+ >
+ ServerName video.debconf.org
+ ServerAdmin debian-admin@debian.org
+ Use common-debian-service-ssl video.debconf.org
+ Use common-ssl-HSTS
+ Redirect / https://debconf-video-team.pages.debian.net/docs/
+
+
+<% if scope.function_has_static_component(['metadata.ftp-master.debian.org']) -%>
+ >
+ ServerName metadata.ftp-master.debian.org
+ ServerAlias metadata-backend.ftp-master.debian.org
+ # all self-referential URLs should use the public host name
+ UseCanonicalName On
+ Use common-debian-service-ssl metadata-backend.ftp-master.debian.org
+ ErrorLog /var/log/apache2/metadata-backend.ftp-master.debian.org-error.log
+ CustomLog /var/log/apache2/metadata-backend.ftp-master.debian.org-access.log privacy
+
+ Use static-vhost-base-metadata.ftp-master.debian.org
+
+<% end -%>
+
+Use common-dsa-vhost-https-redirect debconf.org
+ >
+ ServerName debconf.org
+ ServerAdmin debian-admin@debian.org
+ Use common-debian-service-ssl debconf.org
+ Use common-ssl-HSTS
+ Redirect / https://www.debconf.org/
# historical sites
##################
# now only redirects remain
- >
+ >
ServerName women.debian.org
ServerAdmin debian-admin@debian.org
- RedirectPermanent / http://www.debian.org/women/
-
- RedirectPermanent /about/ http://www.debian.org/women/about
- RedirectPermanent /contact/ http://www.debian.org/women/contact
- RedirectPermanent /faqs/ http://www.debian.org/women/faq
- RedirectPermanent /home/ http://www.debian.org/women/
- RedirectPermanent /images/dw.png http://www.debian.org/women/dw.png
- RedirectPermanent /involvement/ http://www.debian.org/women/participate
- RedirectPermanent /mentoring/ http://www.debian.org/women/mentoring
- RedirectPermanent /press/ http://wiki.debian.org/DebianWomen/Press
- RedirectPermanent /profiles/ http://www.debian.org/women/profiles/
+ RedirectPermanent / https://www.debian.org/women/
+
+ RedirectPermanent /about/ https://www.debian.org/women/about
+ RedirectPermanent /contact/ https://www.debian.org/women/contact
+ RedirectPermanent /faqs/ https://www.debian.org/women/faq
+ RedirectPermanent /home/ https://www.debian.org/women/
+ RedirectPermanent /images/dw.png https://www.debian.org/women/dw.png
+ RedirectPermanent /involvement/ https://www.debian.org/women/participate
+ RedirectPermanent /mentoring/ https://www.debian.org/women/mentoring
+ RedirectPermanent /press/ https://wiki.debian.org/DebianWomen/Press
+ RedirectPermanent /profiles/ https://www.debian.org/women/profiles/
- >
+ >
ServerName volatile.debian.org
ServerAlias volatile-master.debian.org
ServerAdmin debian-admin@debian.org
- RedirectPermanent / http://www.debian.org/volatile/
+ RedirectPermanent / https://www.debian.org/volatile/
- >
+ >
ServerName ftp-master.metadata.debian.org
ServerAdmin debian-admin@debian.org
RedirectPermanent / http://metadata.ftp-master.debian.org/
+ >
+ ServerName backports-master.debian.org
+ ServerAdmin debian-admin@debian.org
+ RedirectPermanent / https://backports.debian.org/
+
+
+ >
+ ServerName manpages.debian.net
+ ServerAdmin debian-admin@debian.org
+ Redirect / https://manpages.debian.org/
+
+
+Use common-dsa-vhost-https-redirect sources.debian.net
+ >
+ ServerName sources.debian.net
+ ServerAdmin debian-admin@debian.org
+ Use common-debian-service-ssl sources.debian.net
+ Use common-ssl-HSTS
+ Redirect permanent / https://sources.debian.org/
+
+
+# error pages
+#############
+
+Use common-dsa-vhost-https-redirect archive.debian.net
+ >
+ ServerName archive.debian.net
+ ServerAdmin debian-admin@debian.org
+ ErrorLog /var/log/apache2/archive.debian.net-error.log
+ CustomLog /var/log/apache2/archive.debian.net-access.log privacyssl
+ Use common-debian-service-ssl archive.debian.net
+ Use common-ssl-HSTS
+ Use common-disabled-service
+
+
+ >
+ ServerName cdimage.debian.org
+ ServerAlias cloud.debian.org
+ ServerAlias get.debian.org
+ ServerAlias bttracker.debian.org
+ ServerAlias meetings-archive.debian.net
+ ServerAdmin debian-admin@debian.org
+ ErrorLog /var/log/apache2/cdimage.debian.org-error.log
+ CustomLog /var/log/apache2/cdimage.debian.org-access.log privacyssl
+
+
+ UserDir disabled
+
+ DocumentRoot /srv/static.debian.org/puppet/cdimage.debian.org
+
+ Require all granted
+
+ RewriteEngine On
+ RewriteRule !^/503.html / [R=503]
+ ErrorDocument 503 /503.html
+
+
+ >
+ ServerName cdimage.debian.org
+ ServerAlias cloud.debian.org
+ ServerAlias get.debian.org
+ ServerAlias bttracker.debian.org
+ ServerAlias meetings-archive.debian.net
+ ServerAdmin debian-admin@debian.org
+ ErrorLog /var/log/apache2/cdimage.debian.org-error.log
+ CustomLog /var/log/apache2/cdimage.debian.org-access.log privacyssl
+ Use common-debian-service-ssl cdimage.debian.org
+
+
+ UserDir disabled
+
+ DocumentRoot /srv/static.debian.org/puppet/cdimage.debian.org
+
+ Require all granted
+
+ RewriteEngine On
+ RewriteRule !^/503.html / [R=503]
+ ErrorDocument 503 /503.html
+
+
+
# vim:ft=apache: